Category Archives: Microsoft

Dutch PowerShell User Group – Basics part Deux

It had already been well over a year since the first iteration of the DuPSUG Basics day, but yesterday we finally had the opportunity to host our second day of basic PowerShell training. This time we were hosted at the Sogeti office in Vianen.

BEGIN END SPEAKER TITLE
09:15 10:30 Mark van de Waarsenburg Powershell basics
10:40 11:25 Erik Heeres Powershell Remoting
11:30 12:15 Jaap Brasser [MVP] Manage your infrastructure with PowerShell
13:15 14:00 Robert Prust Improving your scripts
14:00 14:45 Ralph Eckhard Powershell for Office 365 Administrators
15:20 16:05 Jeff Wouters [MVP] Tips and tricks
16:10 16:45 DuPSUG Speakers Ask us (almost) anything

The Dutch PowerShell User Group has a GitHub repository where all the demos and slides of the presenters will be gathered:

Dutch PowerShell User Group – Basics Deux

To give you an impression of the event I have included the following photos:

The code and the presentation has been shared on GitHub in my Events repository:
Manage your Infrastructure with PowerShell

I also shared the slides I used and my other presentations on SlideShare:

Share

Austin PowerShell Users Group – Slides and Code

Last week I had the pleasure of presenting for the Austin PowerShell UG, this is a group run by Ricc Babbitt. During this session I presented the following topic:

Reach the next level with PowerShell

During this presentation I walked the audience through the process of developing a short script to gather information from a system. I pinpointed a number of steps that you can take while developing a script and how to combine the output from different sources in order to get a complete picture of what is running in your environment.

The code has been shared on GitHub in my Events repository:

Reach the next level with PowerShell

I also shared the slides I used and my other presentations on SlideShare:


Share

Decipher obfuscated URLs with PowerShell

I recently received a message on Skype from a friend I had not talked to for a while, I was happy to see it was spam. Not because it was spam, but because it was using an encoded Url. After taking a quick look at the structure I thought, this is definitely something I can decode.

To me this looked like hexadecimal code, and I quickly threw together a PowerShell one-liners to decode to decode this, note that I skip the first six character because:

1
2
3
-join [char[]](
'%6A%61%61%70%62%72%61%73%73%65%72%2E%63%6F%6D' -split '%' |
Where-Object {$_} | ForEach-Object {[Convert]::ToInt32($_,16)})

This provides us with the following output:

jaapbrasser.com

Because this is a little bit hard to read, let’s break it up into chunks:

1
2
3
4
5
$Split      = '%6A%61%61%70%62%72%61%73%73%65%72%2E%63%6F%6D' -split '%'
$Split      = $Split | Where-Object {$_}
$Integers   = $Split | ForEach-Object {[Convert]::ToInt32($_,16)})
$Characters = [char[]]$Integers
-join $Characters

So let’s go line-by-line through what the code does:

  1. Split the code on the %-character
  2. Skip the first entry, because we split on %, the first result will be empty and can cause errors later
  3. Convert the hexadecimal number to integers using the Convert type accelerator
  4. Convert the integers to Char by strong typing them to a Char array
  5. Use the join operator to turn it into a string

So now that we have this complete, we no longer have to guess where the encoded link is going to lead us. In my case, the link of my friend happened to take me a Russian website trying to get me involved in binary option trading:

For more information about percent encoding as a concept, have a look at the Wikipedia page over here:

Wikipedia – Percent-Encoding

I have created a function for to be able to perform this this conversion in the future, I made it available on GitHub, TechNet Gallery and the PowerShell Gallery:

Share

Wrapup of BSides Amsterdam 2017

Last Friday I had the pleasure to speak at BSides Amsterdam, a security centered conference that hosted its first iteration in Amsterdam. I could not pass up on the opportunity to attend this event. Here is an excerpt about the BSides concept from their site at bsidesams.nl:

Security BSides is a community-driven framework for building events, by and for, information security community members. These events are already happening in major cities all over the world! We are responsible for organizing an independent BSides-Approved event in Amsterdam, for the Netherlands.

It was a full day with topics ranging from hardware hacking to botnet infrastructure. With 13 sessions on a single day it was very interesting to take part in this event and to be able to speak and network with professionals from all different sides of the spectrum. I have attached some pictures to give you an impression of the day at BSides Amsterdam:

It was a full day with topics ranging from hardware hacking to botnet infrastructure. With 13 sessions on a single day it was very interesting to take part in this event and to be able to speak and network with professionals from all different sides of the spectrum.

At the event I spoke about using PowerShell to Automate security and specifically about how to detect malicious activity. All the code and slides are as always available in my Events GitHub repository:

Automating security with PowerShell

I also shared this slidedeck and my others on SlideShare:

Share

Automatic Slack invitations with Microsoft Forms and Flow

As we are currently preparing everything for the PowerShell Conference Asia, we decided to open up our Slack team to the general public. In order to do this we had to set up an automated Slack inviter. My initial search for examples of how to set this up resulted in a lot of old blog post, because of that I went back to the drawing board and took a look at what I thought I needed:

  • An online form
  • Trigger when form is filled in
  • A method of inviting

Because I have an Office 365 account I decided to use a combination of Microsoft Forms and Microsoft Flow for this purpose. Microsoft Forms is similar to many other online forms, but the combination with Microsoft Flow was what won me over. Microsoft Flow allows for setting up automated workflows in Office 365. It can also use webhooks, which happens to be an excellent method of working with Slack.

I then found this post on Stack Overflow, in the Slack API team invitation question, covering an undocumented feature in the Slack API that allows for invitations to be send out by webhooks. With that we filled in the have matched the requirements for setting up automatic invites for Slack.

So first things first, in order to use the Slack API we require a token, for this purpose I requested a Legacy token, which can be done at the following URI:

https://api.slack.com/custom-integrations/legacy-tokens

After clicking create token you will get a string that resembles this:

xoxp-00000000000-00000000000-000000000000-00000aa0a00a0a0a0aa0aaf00b00a00d

We will need this to authenticate with Slack once we setup the webhook, because of this it is important you do not share this token with anyone, or store this in a public repository.

The next step is to setup a form in Microsoft Forms, to keep sign up simple we will just request users to enter their email address. They can choose to fill in the rest of their details when they click the registration link that will be send out by Slack. I created the following:

Next up we want to create a sharing link for this Form, make sure you set the sharing option to, Anyone with the link can respond, as the default sharing option is that only people within your Office 365 organization are able to access the Form. This can be done as shown in the following screenshot.

Now that we have this setup it is time to create our Flow. For the purpose of this blog post I created a simple Flow that triggers when a response has been received:

Then we configure the HTTP webhook to trigger Slack to send an invitation email to that email address:

https://slack.com/api/users.admin.invite?token=xoxp-00000000000-00000000000-000000000000-00000aa0a00a0a0a0aa0aaf00b00a00d&email=

After saving and enabling this flow the automatic invitations will be send out as soon as someone fills out the form. Because we made the the sharing link public to the Microsoft Form you can now use social media to share out and promote your Slack team.

Let me know how this works for you and if you have become curious about the PowerShell Conference Asia or you want to network with some of the attendees and speakers of that conference you can sign up here:

PowerShell Conference Asia – Slack Invitation

Share

PowerShell Conference Asia – Registration is open

This October the PowerShell Conference Asia will once again take place in the Microsoft offices in Singapore. As part of the PowerShell Conference organization and returning speaker I am happy to announce that this is shaping up to be our biggest event so far.

As listed on the registration page:

DESCRIPTION

Join us for the third PowerShell Conference Asia, held in Singapore, where PowerShell speakers from Asia and around the world come together to bring attendees in-depth PowerShell and DevOps content.

Speakers include several members of the Windows PowerShell team from Microsoft headquarters in Redmond and a strong line-up of MVPs, well-known international speakers, and community contributors. They’ll cover in-depth topics on the PowerShell language and how you can use PowerShell to automate the technologies you use every day. There will be a strong focus on using PowerShell to enable DevOps practices whether On Premises or in the cloud.

There will be speakers from over a dozen countries and attendees to network with from all over the work. If you are interested in this event feel free to drop a comment below or reach out to me on twitter as I will be happy to answer any questions you might have about this event.

In the mean time for additional information about this event make sure you head over to the PowerShell Conference Asia site, conveniently located at psconf.asia & powershell.asia. And to register head over > here <

Share

Chat automation in a modern IT environment

Winops Banner

This week I was invited to speak at the joint WinOps London and London PowerShell user group meetup in central London. For more information about the event you can have a look at the following link: WinOps #14 – in connection with PowerShell London UK

Our July meetup will be held at Rubrik’s offices in Moorgate on Thursday 20th July. Rubrik are one of our gold sponsors for the WinOps Conference. This meetup will be in connection with PSUG UK and we’ll have a PowerShell MVP speaking on the night. Last meetup before the conference so not one to miss!

During my presentation I covered the very broad topic of Chat Automation, also known as ChatOps. This has recently been getting more attention and I put together a presentation in which I showed how to setup PoshBot on a Windows machine, demoed its functionality. Also I gave an example of how to use a Chat bot to resolve an issue in a production, assisted by Daniel Krebs. The full session description is as follows:

In this session we will cover a range of topics regarding Chat automation and the possibilities this gives us. We will dive into the concept of ChatOps, what it is, how we can implement it and what the benefits are. After this brief introduction we will dive into real-world examples of setting up and configuring your first chat bot, configuring security and resolving real-world incidents using this chat bot.

To give you an impression of the event I have attached some pictures taken that evening:

All the code and slides are as always available in my Events GitHub repository:

I also share my presentations on SlideShare:

Share